* 2.6: (46 commits)
fixxed order of usage
[2.7] [Form] Replaced calls to array_search() by in_array() where is no need to get the index
[Process] Make test AbstractProcessTest::testStartAfterATimeout useful again
removed non-sense example
Fixes small typo.
[Validator] Remove unnecessary include in tests
[HttpFoundation] minor: clarify Request::getUrlencodedPrefix() regex
fixed typo
[Validator] fix DOS-style line endings
Drop useless execution bit
bumped Symfony version to 2.6.5
[Serializer] update changelog
updated VERSION for 2.6.4
updated CHANGELOG for 2.6.4
bumped Symfony version to 2.5.11
[HttpKernel] Added use of provided by #12022 method to instantiate controller class in bundle's controller resolver
updated VERSION for 2.5.10
updated CHANGELOG for 2.5.10
[Validator] Add a Russian translation for invalid charset message
[2.3] [Validator] spanish translation for invalid charset message
...
Conflicts:
src/Symfony/Bridge/Doctrine/Validator/Constraints/UniqueEntityValidator.php
src/Symfony/Component/HttpKernel/Exception/FatalErrorException.php
src/Symfony/Component/HttpKernel/Exception/FlattenException.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Routing/Tests/Generator/UrlGeneratorTest.php
src/Symfony/Component/Validator/Resources/translations/validators.de.xlf
src/Symfony/Component/Validator/Resources/translations/validators.en.xlf
src/Symfony/Component/Validator/Resources/translations/validators.es.xlf
src/Symfony/Component/Validator/Resources/translations/validators.fr.xlf
src/Symfony/Component/Validator/Resources/translations/validators.pl.xlf
src/Symfony/Component/Validator/Resources/translations/validators.ru.xlf
src/Symfony/Component/Validator/Resources/translations/validators.sl.xlf
* 2.5:
[Validator] use 2.5 API in LengthValidator
fixed id for translations
bumped Symfony version to 2.3.26
Dutch translation for invalid charset message
German translation for invalid charset message
Add a Slovenian translation for invalid charset message
Add a Polish translation.
Test lowest deps with latest 5.3
updated VERSION for 2.3.25
update CONTRIBUTORS for 2.3.25
updated CHANGELOG for 2.3.25
Fix docblocks to comments
Inject the correct EventDispatcher instance
[Validator] reject ill-formed strings
[Validator] drop grapheme_strlen in LengthValidator
Unique Entity Validator Invalid Value
[FrameworkBundle][config] allow multiple fallback locales.
Conflicts:
src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
src/Symfony/Component/Validator/Resources/translations/validators.de.xlf
src/Symfony/Component/Validator/Resources/translations/validators.en.xlf
src/Symfony/Component/Validator/Resources/translations/validators.fr.xlf
src/Symfony/Component/Validator/Resources/translations/validators.nl.xlf
src/Symfony/Component/Validator/Resources/translations/validators.pl.xlf
src/Symfony/Component/Validator/Resources/translations/validators.sl.xlf
* 2.3:
fixed id for translations
bumped Symfony version to 2.3.26
Dutch translation for invalid charset message
German translation for invalid charset message
Add a Slovenian translation for invalid charset message
Add a Polish translation.
Test lowest deps with latest 5.3
updated VERSION for 2.3.25
update CONTRIBUTORS for 2.3.25
updated CHANGELOG for 2.3.25
Fix docblocks to comments
[Validator] reject ill-formed strings
[Validator] drop grapheme_strlen in LengthValidator
Unique Entity Validator Invalid Value
[FrameworkBundle][config] allow multiple fallback locales.
Conflicts:
src/Symfony/Bridge/Doctrine/Tests/Validator/Constraints/UniqueEntityValidatorTest.php
src/Symfony/Bridge/Doctrine/Validator/Constraints/UniqueEntityValidator.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Validator/Resources/translations/validators.de.xlf
src/Symfony/Component/Validator/Resources/translations/validators.en.xlf
src/Symfony/Component/Validator/Resources/translations/validators.fr.xlf
src/Symfony/Component/Validator/Resources/translations/validators.nl.xlf
src/Symfony/Component/Validator/Resources/translations/validators.pl.xlf
src/Symfony/Component/Validator/Resources/translations/validators.sl.xlf
src/Symfony/Component/Validator/Tests/Constraints/LengthValidatorTest.php
* 2.6:
[2.3] [HttpFoundation] [MimeTypeGuesser]
Removed dead code and various cleaning
Removed dead code and various cleaning
[FrameworkBundle][xsd] added missing logging attribute.
[Console] Make it clear that the second argument is not about command options.
Added the '-' character for spaceless on tag start and end to be consistent for block, if, set and for nodes
[Yaml] fixed parse shortcut Key after unindented collection.
[Console] fixed#10531
Make the container considered non-fresh if the environment parameters are changed
* 2.6:
Minor plural/singular change
print error message if server couldn't be started
[HttpFoundation] [Request] fix baseUrl parsing to fix wrong path_info
[Twig][Bridge][TranslationDefaultDomain] add support of named arguments.
[Form] Improved exception message if the data class is not found
Fixes ArgvInput's argument getter with empty tokens
execute cheaper checks before more expensive ones
[DependencyInjection] Fix missing ExpressionLanguageProviders on extension bild
[FrameworkBundle] FormDataCollector should be loaded only if form config is enabled
* 2.5:
[HttpFoundation] [Request] fix baseUrl parsing to fix wrong path_info
[Twig][Bridge][TranslationDefaultDomain] add support of named arguments.
[Form] Improved exception message if the data class is not found
Fixes ArgvInput's argument getter with empty tokens
execute cheaper checks before more expensive ones
[FrameworkBundle] FormDataCollector should be loaded only if form config is enabled
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Resources/config/collectors.xml
* 2.5:
added missing files
[TwigBundle] added a test
Indicate which file was being parsed if an exception is thrown while running translation:debug
[ClassLoader] Cast $useIncludePath property to boolean
[HttpFoundation] Minor spelling fix in PHPDocs
improve error message for multiple documents
Remove aligned '=>' and '='
[Session] remove invalid workaround in session regenerate
[Kernel] ensure session is saved before sending response
[Routing] serialize the compiled route to speed things up
[Form] Fixed usage of "name" variable in form_start block
[Validator] Fixed Regex::getHtmlPattern() to work with complex and negated patterns
[DependencyInjection] use inheritdoc for loaders
[Config] fix filelocator with empty name
[Form] fix form handling with unconventional request methods like OPTIONS
CSRF warning docs on Request::enableHttpMethodParameterOverride()
Conflicts:
src/Symfony/Component/Console/Helper/ProgressBar.php
* 2.3:
added missing files
[TwigBundle] added a test
Indicate which file was being parsed if an exception is thrown while running translation:debug
[ClassLoader] Cast $useIncludePath property to boolean
[HttpFoundation] Minor spelling fix in PHPDocs
improve error message for multiple documents
[Session] remove invalid workaround in session regenerate
[Kernel] ensure session is saved before sending response
[Routing] serialize the compiled route to speed things up
[Validator] Fixed Regex::getHtmlPattern() to work with complex and negated patterns
[DependencyInjection] use inheritdoc for loaders
[Config] fix filelocator with empty name
[Form] fix form handling with unconventional request methods like OPTIONS
CSRF warning docs on Request::enableHttpMethodParameterOverride()
Conflicts:
src/Symfony/Component/Routing/Route.php
Since the `TranslatorListener` was not registered as a service, the
proper locale would never have been passed from the current request
to the translator.
This PR was merged into the 2.6-dev branch.
Discussion
----------
[WebProfilerBundle] Show AJAX requests in the symfony profiler toolbar
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Adds AJAX requests in the web debug toolbar.
See #8896 for the original discussion.
![image](https://cloud.githubusercontent.com/assets/47313/4384087/43d1feb2-43b0-11e4-99c9-3e50e19e623f.png)
Commits
-------
16d1b35 optimized JS for the AJAX section of the toolbar
2e708d7 made minor tweaks to JS code
8e4c603 replaced the AJAX icon with a smaller one
b66f39a removed hack
9c74fcc removed uneeded web_profiler.debug_toolbar.excluded_ajax_paths parameter in the container
d43edaf [WebProfilerBundle] improved the ajax section of the WDT
37f7dd7 [WebProfilerBundle] Show AJAX requests in the symfony profiler toolbar
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Bundle][FrameworkBundle] make the stopwatch service always available
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11347
| License | MIT
| Doc PR |
Previously, one had to be careful to check if the ``debug.stopwatch`` service was available before using it. Otherwise, the application would break in the prod environment.
Commits
-------
ffc4090 make the stopwatch service always available
* 2.5: (23 commits)
[HttpKernel] fixed some unit tests for 2.4 (signature now uses SHA256 instead of MD5)
[HttpKernel] simplified code
[HttpKernel] fixed internal fragment handling
fixing yaml indentation
Unexpexted ));"
[WebProfiler] replaced the import/export feature from the web interface to a CLI tool
Forced all fragment uris to be signed, even for ESI
Add tests and more assertions
[FrameworkBundle][Translator] Validate locales.
[HttpFoundation] added some missing tests
[HttpFoundation] Improve string values in test codes
[Security] Add more tests for StringUtils::equals
fix comment: not fourth but sixth argument
fixing typo in a comment
[FrameworkBundle] fixed CS
[FrameworkBundle] PhpExtractor bugfix and improvements
[Finder] Fix findertest readability
[Filesystem] Add FTP stream wrapper context option to enable overwrite (override)
fix parsing of Authorization header
Test examples from Drupal SA-CORE-2014-003
...
Conflicts:
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Profiler/admin.html.twig
src/Symfony/Component/Filesystem/Filesystem.php
src/Symfony/Component/HttpKernel/Fragment/EsiFragmentRenderer.php
* 2.4: (21 commits)
[HttpKernel] fixed some unit tests for 2.4 (signature now uses SHA256 instead of MD5)
[HttpKernel] simplified code
[HttpKernel] fixed internal fragment handling
fixing yaml indentation
[WebProfiler] replaced the import/export feature from the web interface to a CLI tool
Forced all fragment uris to be signed, even for ESI
Add tests and more assertions
[FrameworkBundle][Translator] Validate locales.
[HttpFoundation] added some missing tests
[HttpFoundation] Improve string values in test codes
[Security] Add more tests for StringUtils::equals
fix comment: not fourth but sixth argument
fixing typo in a comment
[FrameworkBundle] fixed CS
[FrameworkBundle] PhpExtractor bugfix and improvements
[Finder] Fix findertest readability
[Filesystem] Add FTP stream wrapper context option to enable overwrite (override)
fix parsing of Authorization header
Test examples from Drupal SA-CORE-2014-003
Fix potential DoS when parsing HOST
...
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Tests/Translation/TranslatorTest.php
src/Symfony/Bundle/FrameworkBundle/Translation/Translator.php
* 2.3:
[HttpKernel] fixed internal fragment handling
fixing yaml indentation
[WebProfiler] replaced the import/export feature from the web interface to a CLI tool
Forced all fragment uris to be signed, even for ESI
Add tests and more assertions
[FrameworkBundle][Translator] Validate locales.
[HttpFoundation] added some missing tests
[HttpFoundation] Improve string values in test codes
fix comment: not fourth but sixth argument
fixing typo in a comment
[FrameworkBundle] fixed CS
[FrameworkBundle] PhpExtractor bugfix and improvements
[Finder] Fix findertest readability
[Filesystem] Add FTP stream wrapper context option to enable overwrite (override)
fix parsing of Authorization header
Test examples from Drupal SA-CORE-2014-003
Fix potential DoS when parsing HOST
Made optimization deprecating modulus operator
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Resources/config/esi.xml
src/Symfony/Component/HttpFoundation/Request.php
src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
src/Symfony/Component/HttpKernel/Fragment/EsiFragmentRenderer.php
Previously, one had to be careful to check if the debug.stopwatch
service was available before using it. Otherwise, the application
would break in the prod environment.
* 2.5: (37 commits)
[Validator] Backported constraint validator tests from 2.5
[Validator] Backported constraint validator tests from 2.5
[DIC] Fixed: anonymous services are always private
Fix toolbar vertical alignment.
[HttpFoundation] MongoDbSessionHandler supports auto expiry via configurable expiry_field
[Validator] Fix little typo in ExecutionContextInterface::buildViolation() method comments
fix dependencies on HttpFoundation component
[FrameworkBundle] add missing attribute to XSD
Allow basic auth in url. Improve regex. Add tests.
fix typos and syntax in Profiler controller method comments
resolve parameters before the configs are processed
add symfony/yaml suggestion to composer.json
[HttpKernel] added an analyze of environment parameters for built-in server.
remove volatile tests
[Console] fixed style creation when providing an unknown tag option
change command to which available under most unix systems
add way to test command under windows
fix shell command injection
[Form] allowed CallbackTransformer to use callable
[Process] Added process synchronization to the incremental output tests
...
Conflicts:
src/Symfony/Component/Form/Extension/Validator/Constraints/FormValidator.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/HttpKernel/composer.json
src/Symfony/Component/Validator/Constraints/AllValidator.php
src/Symfony/Component/Validator/Constraints/CollectionValidator.php
src/Symfony/Component/Validator/Constraints/LegacyAllValidator.php
src/Symfony/Component/Validator/Constraints/LegacyCollectionValidator.php
src/Symfony/Component/Validator/Tests/Constraints/FileValidatorTest.php
* 2.4:
[HttpKernel] added an analyze of environment parameters for built-in server.
change command to which available under most unix systems
add way to test command under windows
fix shell command injection
[Form] allowed CallbackTransformer to use callable
[Process] Added process synchronization to the incremental output tests
* 2.3:
[HttpKernel] added an analyze of environment parameters for built-in server.
change command to which available under most unix systems
add way to test command under windows
fix shell command injection
[Form] allowed CallbackTransformer to use callable
[Process] Added process synchronization to the incremental output tests
* 2.5: (33 commits)
[Validator] Added Swedish translations
[Validator] Fixed ExpressionValidator when the validation root is not an object
[Validator] Fixed: Made it possible (again) to pass a class name to Validator::validatePropertyValue()
Fix incorrect romanian plural translations
fix axes handling in Crawler::filterXPath()
fix some docblocks
Fixed self-reference in 'service_container' service breaks garbage collection (and clone).
[Process] Fix tests when pcntl is not available.
[DependencyInjection] Roll back changes made to generated files.
[Console] Roll back changes made to fixture files.
Issue #11489 Added some CA and ES translations
[Validator] Added more detailed inline documentation
[Validator] Removed information from the violation output if the value is an array, object or resource
partially reverted previous commit
fixed CS
Add point about ConsoleLogger to Console 2.5 changelog
[Validator] Fixed failing tests
[Validator] CS fixes
[FrameworkBundle] Made ConstraintValidatorFactory aware of the legacy validators
[Validator] Added extensive test coverage for the constraint validators for the different APIs
...
Conflicts:
src/Symfony/Component/Validator/Resources/translations/validators.ca.xlf
* 2.4:
Update MimeTypeExtensionGuesser.php
[Validator] Add missing polish translations
[Validator] Added missing strings from Image validator
[Templating] PhpEngine should propagate charset to its helpers
Fix ticket #10663 - Added setCharset method call to PHP templating engine.
Changed the typehint of the EsiFragmentRenderer to the interface
[Form] Improved test coverage of UrlType
[BrowserKit] Fix#10641 : BrowserKit is broken when using ip as host
* 2.3:
Update MimeTypeExtensionGuesser.php
[Templating] PhpEngine should propagate charset to its helpers
Fix ticket #10663 - Added setCharset method call to PHP templating engine.
Changed the typehint of the EsiFragmentRenderer to the interface
[Form] Improved test coverage of UrlType
[BrowserKit] Fix#10641 : BrowserKit is broken when using ip as host
Conflicts:
src/Symfony/Component/HttpKernel/Fragment/EsiFragmentRenderer.php
src/Symfony/Component/Templating/PhpEngine.php
* 2.4: (52 commits)
Fix#8205 : Deprecate file mode update when calling dumpFile
Fix#10437: Catch exceptions when reloading a no-cache request
Fix libxml_use_internal_errors and libxml_disable_entity_loader usage
removed ini check to make uploadedfile work on gae
Update OptionsResolver.php
fixed comment in forms.xml file
Clean KernelInterface docblocks
Cast the group name as a string
Fixed doc of InitAclCommand
[Form] Fix "Array was modified outside object" in ResizeFormListener.
Fix IBAN validator
[Process] Remove unreachable code + avoid skipping tests in sigchild environment
Fixed bug that incorrectly causes the "required" attribute to be omitted from select even though it contains the "multiple" attribute
Added travis_retry to .travis.yml
[Process] fix some typos and refactor some code
[Process] Fix unit tests in sigchild disabled environment
[Process] Trow exceptions in case a Process method is supposed to be called after termination
fixed typo
[Process] fixed fatal errors in getOutput and getErrorOutput when process was not started
[Process] Fix escaping on Windows
...
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ServerRunCommand.php
src/Symfony/Component/Form/Extension/Core/EventListener/ResizeFormListener.php
src/Symfony/Component/Process/Process.php
src/Symfony/Component/Process/ProcessPipes.php
src/Symfony/Component/Process/Tests/AbstractProcessTest.php
* 2.3: (34 commits)
Fix#8205 : Deprecate file mode update when calling dumpFile
Fix#10437: Catch exceptions when reloading a no-cache request
Fix libxml_use_internal_errors and libxml_disable_entity_loader usage
removed ini check to make uploadedfile work on gae
Update OptionsResolver.php
fixed comment in forms.xml file
Clean KernelInterface docblocks
Cast the group name as a string
Fixed doc of InitAclCommand
[Form] Fix "Array was modified outside object" in ResizeFormListener.
Fix IBAN validator
[Process] Remove unreachable code + avoid skipping tests in sigchild environment
Fixed bug that incorrectly causes the "required" attribute to be omitted from select even though it contains the "multiple" attribute
Added travis_retry to .travis.yml
[Process] fix some typos and refactor some code
[Process] Fix unit tests in sigchild disabled environment
[Process] Trow exceptions in case a Process method is supposed to be called after termination
fixed typo
[Process] fixed fatal errors in getOutput and getErrorOutput when process was not started
[Process] Fix escaping on Windows
...
Conflicts:
src/Symfony/Component/DomCrawler/Crawler.php
src/Symfony/Component/Filesystem/Filesystem.php
src/Symfony/Component/Process/Process.php
This PR was merged into the 2.5-dev branch.
Discussion
----------
[WIP] [FrameworkBundle] removed some more dependencies on the request service
| Q | A
| ------------- | ---
| Bug fix? | kinda (see linked tickets)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8915, #9185
| License | MIT
| Doc PR | n/a
/cc @kriswallsmith
Commits
-------
4f3d502 [FrameworkBundle] removed some more dependencies on the request service
* 2.3: (24 commits)
Add german translation for several validators (Greater/Equal/Less)
No Entity Manager defined exception
fixed CS
[Acl] Fix for issue #9433
[Validator] fix docblock typos
[DependencyInjection] removed the unused Reference and Parameter classes use statements from the compiled container class
Removed useless check if self::$trustProxies is set
Fix mistake in translation's service definition.
if handler_id is identical to null fix
CS fix
Fixed ModelChoiceList tests in Propel1 bridge.
[AclProvider] Fix incorrect behaviour when partial results returned from cache
Check if the pipe array is empty before calling stream_select()
[Intl] fixed datetime test as described in #9455
bumped Symfony version to 2.3.8
updated VERSION for 2.3.7
updated CHANGELOG for 2.3.7
re-factor Propel1 ModelChoiceList
[Form] Added method Form::getClickedButton() to remove memory leak in FormValidator
[Locale] fixed the failing test described in #9455
...
Conflicts:
src/Symfony/Bridge/Propel1/Form/ChoiceList/ModelChoiceList.php
src/Symfony/Bridge/Propel1/Tests/Fixtures/ItemQuery.php
src/Symfony/Bridge/Propel1/Tests/Form/ChoiceList/ModelChoiceListTest.php
src/Symfony/Bridge/Propel1/Tests/Propel1TestCase.php
src/Symfony/Component/Form/Tests/CompoundFormTest.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Process/Process.php
* 2.2:
No Entity Manager defined exception
fixed CS
[Acl] Fix for issue #9433
[Validator] fix docblock typos
[DependencyInjection] removed the unused Reference and Parameter classes use statements from the compiled container class
Fix mistake in translation's service definition.
if handler_id is identical to null fix
CS fix
Fixed ModelChoiceList tests in Propel1 bridge.
[AclProvider] Fix incorrect behaviour when partial results returned from cache
Check if the pipe array is empty before calling stream_select()
re-factor Propel1 ModelChoiceList
[Locale] fixed the failing test described in #9455
[Process] fix phpdoc and timeout of 0
bug #9445 [BrowserKit] fixed protocol-relative url redirection
Conflicts:
src/Symfony/Component/BrowserKit/Tests/ClientTest.php
src/Symfony/Component/Locale/Tests/Stub/StubIntlDateFormatterTest.php
This PR was merged into the master branch.
Discussion
----------
[FrameworkBundle] made sure that the debug event dispatcher is used everywhere
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6686, #7673
| License | MIT
| Doc PR | n/a
The removal of the Profiler dependency on the TraceableEventDispatcher (#9170) allows to remerge the patch from #9068 that fixes#6686.
This PR also cleans up how profiles are stored. A Profile is now always stored only once.
The fix will only be available on 2.4+ as the changes are too deep to be backported to 2.2 and 2.3.
Commits
-------
1e1835e [FrameworkBundle] made sure that the debug event dispatcher is used everywhere
This PR was merged into the master branch.
Discussion
----------
[HttpFoundation] Add a way to avoid the session be written at each request
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no (maybe the DI config ?)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/3017
Commits
-------
191418d [HttpFoundation] Add a way to avoid the session be written at each request
This PR was merged into the master branch.
Discussion
----------
Decoupled TraceableEventDispatcher from the Profiler
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This PR removes the Profiler dependency on the TraceableEventDispatcher. That makes things more decoupled and cleaner. This PR also cleans up how profiles are stored; a Profile is now always stored only once.
I've created a `LateDataCollectorInterface` that is implemented for data collector that needs to get information from data that are available very late in the request process (when the request and the response are not even available anymore). The `lateCollect()` method is called just before the profile is stored.
We have 3 data collectors that implement that interface:
* Time: As the traceable event dipsatcher gets inject timing information via the stopwatch about all events (including the `terminate` one), we need to get events from the stopwatch as late as possible.
* Event: The traceable event dispatcher gathers all called listeners to determine non-called ones. To be able to accurately do that for all events (including the `terminate` one), we need to get the data as late as possible.
* Memory: We want to get the memory as late as possible to get the most accurate number as possible
I'm not very happy with the name and as always, better suggestions would be much appreciated.
This is an extract from #9168
Commits
-------
5cedea2 [HttpKernel] added LateDataCollectorInterface
9c4bc9a [HttpKernel] decoupled TraceableEventDispatcher and Profiler
This PR was merged into the master branch.
Discussion
----------
[Security] Added Security\Csrf sub-component with better token generation
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | TODO
**Update September 27, 2013**
This PR simplifies the CSRF mechanism to generate completely random tokens. A random token is generated once per ~~intention~~ token ID and then stored in the session. Tokens are valid until the session expires.
Since the CSRF token generator depends on `StringUtils` and `SecureRandom` from Security\Core, and since Security\Http currently depends on the Form component for token generation, I decided to add a new Security\Csrf sub-component that contains the improved CSRF token generator. Consequences:
* Security\Http now depends on Security\Csrf instead of Form
* Form now optionally depends on Security\Csrf
* The configuration for the "security.secure_random" service and the "security.csrf.*" services was moved to FrameworkBundle to guarantee BC
In the new Security\Csrf sub-component, I tried to improve the naming where I could do so without breaking BC:
* CSRF "providers" are now called "token generators"
* CSRF "intentions" are now called "token IDs", because that's really what they are
##### TODO
- [ ] The documentation needs to be checked for references to the configuration of the application secret. Remarks that the secret is used for CSRF protection need to be removed.
- [ ] Add aliases "csrf_token_generator" and "csrf_token_id" for "csrf_provider" and "intention" in the SecurityBundle configuration
- [x] Make sure `SecureRandom` never blocks for `CsrfTokenGenerator`
Commits
-------
7f02304 [Security] Added missing PHPDoc tag
2e04e32 Updated Composer dependencies to require the Security\Csrf component where necessary
bf85e83 [FrameworkBundle][SecurityBundle] Added service configuration for the new Security CSRF sub-component
2048cf6 [Form] Deprecated the CSRF implementation and added an optional dependency to the Security CSRF sub-component instead
85d4959 [Security] Changed Security HTTP sub-component to depend on CSRF sub-component instead of Form
1bf1640 [Security] Added CSRF sub-component
This PR was merged into the master branch.
Discussion
----------
[Translation] Added support for JSON format (both loader and dumper).
Based on `IniFileLoader\Dumper`.
Q | A
--- | ---
Bug fix? |no
New feature? | yes
BC breaks?| no
Deprecations? |no
Tests pass? | yes
Fixed tickets | -
License | MIT
Doc | this component don't have docs
Commits
-------
fcef021 [Translation] Added support for JSON format (both loader and dumper).
This PR was merged into the master branch.
Discussion
----------
New Component: Expression Language
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8850, #7352
| License | MIT
| Doc PR | not yet
TODO:
- [ ] write documentation
- [x] add tests for the new component
- [x] implement expression support for access rules in the security component
- [x] find a better character/convention for expressions in the YAML format
- [x] check the performance of the evaluation mode
- [x] better error messages in the evaluation mode
- [x] add support in the Routing
- [x] add support in the Validator
The ExpressionLanguage component provides an engine that can compile and
evaluate expressions.
An expression is a one-liner that returns a value (mostly, but not limited to, Booleans).
It is a strip-down version of Twig (only the expression part of it is
implemented.) Like Twig, the expression is lexed, parsed, and
compiled/evaluated. So, it is immune to external injections by design.
If we compare it to Twig, here are the main big differences:
* only support for Twig expressions
* no ambiguity for calls (foo.bar is only valid for properties, foo['bar'] is only valid for array calls, and foo.bar() is required for method calls)
* no support for naming conventions in method calls (if the method is named getFoo(), you must use getFoo() and not foo())
* no notion of a line for errors, but a cursor (we are mostly talking about one-liners here)
* removed everything specific to the templating engine (like output escaping or filters)
* no support for named arguments in method calls
* only one extension point with functions (no possibility to define new operators, ...)
* and probably even more I don't remember right now
* there is no need for a runtime environment, the compiled PHP string is self-sufficient
An open question is whether we keep the difference betweens arrays and hashes.
The other big difference with Twig is that it can work in two modes (possible
because of the restrictions described above):
* compilation: the expression is compiled to PHP and is self-sufficient
* evaluation: the expression is evaluated without being compiled to PHP (the node tree produced by the parser can be serialized and evaluated afterwards -- so it can be saved on disk or in a database to speed up things when needed)
Let's see a simple example:
```php
$language = new ExpressionLanguage();
echo $language->evaluate('1 + 1');
// will echo 2
echo $language->compile('1 + 2');
// will echo "(1 + 2)"
```
The language supports:
* all basic math operators (with precedence rules):
* unary: not, !, -, +
* binary: or, ||, and, &&, b-or, b-xor, b-and, ==, ===, !=, !==, <, >, >=, <=, not in, in, .., +, -, ~, *, /, %, **
* all literals supported by Twig: strings, numbers, arrays (`[1, 2]`), hashes
(`{a: "b"}`), Booleans, and null.
* simple variables (`foo`), array accesses (`foo[1]`), property accesses
(`foo.bar`), and method calls (`foo.bar(1, 2)`).
* the ternary operator: `true ? true : false` (and all the shortcuts
implemented in Twig).
* function calls (`constant('FOO')` -- `constant` is the only built-in
functions).
* and of course, any combination of the above.
The compilation is better for performances as the end result is just a plain PHP string without any runtime. For the evaluation, we need to tokenize, parse, and evaluate the nodes on the fly. This can be optimized by using a `ParsedExpression` or a `SerializedParsedExpression` instead:
```php
$nodes = $language->parse($expr, $names);
$expression = new SerializedParsedExpression($expr, serialize($nodes));
// You can now store the expression in a DB for later reuse
// a SerializedParsedExpression can be evaluated like any other expressions,
// but under the hood, the lexer and the parser won't be used at all, so it''s much faster.
$language->evaluate($expression);
```
That's all folks!
I can see many use cases for this new component, and we have two use cases in
Symfony that we can implement right away.
## Using Expressions in the Service Container
The first one is expression support in the service container (it would replace
#8850) -- anywhere you can pass an argument in the service container, you can
use an expression:
```php
$c->register('foo', 'Foo')->addArgument(new Expression('bar.getvalue()'));
```
You have access to the service container via `this`:
container.get("bar").getvalue(container.getParameter("value"))
The implementation comes with two functions that simplifies expressions
(`service()` to get a service, and `parameter` to get a parameter value). The
previous example can be simplified to:
service("bar").getvalue(parameter("value"))
Here is how to use it in XML:
```xml
<parameters>
<parameter key="value">foobar</parameter>
</parameters>
<services>
<service id="foo" class="Foo">
<argument type="expression">service('bar').getvalue(parameter('value'))</argument>
</service>
<service id="bar" class="Bar" />
</services>
```
and in YAML (I chose the syntax randomly ;)):
```yaml
parameters:
value: foobar
services:
bar:
class: Bar
foo:
class: Foo
arguments: [@=service("bar").getvalue(parameter("value"))]
```
When using the container builder, Symfony uses the evaluator, but with the PHP
dumper, the compiler is used, and there is no overhead as the expression
engine is not needed at runtime. The expression above would be compiled to:
```php
$this->get("bar")->getvalue($this->getParameter("value"))
```
## Using Expression for Security Access Control Rules
The second use case in Symfony is for access rules.
As we all know, the way to configure the security access control rules is confusing, which might lead to insecure applications (see http://symfony.com/blog/security-access-control-documentation-issue for more information).
Here is how the new `allow_if` works:
```yaml
access_control:
- { path: ^/_internal/secure, allow_if: "'127.0.0.1' == request.getClientIp() or has_role('ROLE_ADMIN')" }
```
This one restricts the URLs starting with `/_internal/secure` to people browsing from the localhost. Here, `request` is the current Request instance. In the expression, there is access to the following variables:
* `request`
* `token`
* `user`
And to the following functions:
* `is_anonymous`
* `is_authenticated`
* `is_fully_authenticated`
* `is_rememberme`
* `has_role`
You can also use expressions in Twig, which works well with the `is_granted` function:
```jinja
{% if is_granted(expression('has_role("FOO")')) %}
...
{% endif %}
```
## Using Expressions in the Routing
Out of the box, Symfony can only match an incoming request based on some pre-determined variables (like the path info, the method, the scheme, ...). But some people want to be able to match on more complex logic, based on other information of the Request object. That's why we introduced `RequestMatcherInterface` recently (but we no default implementation in Symfony itself).
The first change I've made (not related to expression support) is implement this interface for the default `UrlMatcher`. It was simple enough.
Then, I've added a new `condition` configuration for Route objects, which allow you to add any valid expression. An expression has access to the `request` and to the routing `context`.
Here is how one would configure it in a YAML file:
```yaml
hello:
path: /hello/{name}
condition: "context.getMethod() in ['GET', 'HEAD'] and request.headers.get('User-Agent') =~ '/firefox/i'"
```
Why do I keep the context as all the data are also available in the request? Because you can also use the condition without using the RequestMatcherInterface, in which case, you don't have access to the request. So, the previous example is equivalent to:
```yaml
hello:
path: /hello/{name}
condition: "request.getMethod() in ['GET', 'HEAD'] and request.headers.get('User-Agent') =~ '/firefox/i'"
```
When using the PHP dumper, there is no overhead as the condition is compiled. Here is how it looks like:
```php
// hello
if (0 === strpos($pathinfo, '/hello') && preg_match('#^/hello/(?P<name>[^/]++)$#s', $pathinfo, $matches) && (in_array($context->getMethod(), array(0 => "GET", 1 => "HEAD")) && preg_match("/firefox/i", $request->headers->get("User-Agent")))) {
return $this->mergeDefaults(array_replace($matches, array('_route' => 'hello')), array ());
}
```
Be warned that conditions are not taken into account when generating a URL.
## Using Expressions in the Validator
There is a new Expression constraint that you can put on a class. The expression is then evaluated for validation:
```php
use Symfony\Component\Validator\Constraints as Assert;
/**
* @Assert\Condition(condition="this.getFoo() == 'fo'", message="Not good!")
*/
class Obj
{
public function getFoo()
{
return 'foo';
}
}
```
In the expression, you get access to the current object via the `this` variable.
## Dynamic annotations
The expression language component is also very useful in annotations. the SensoLabs FrameworkExtraBundle leverages this possibility to implement HTTP validation caching in the `@Cache` annotation and to add a new `@Security` annotation (see sensiolabs/SensioFrameworkExtraBundle#238.)
Commits
-------
d4ebbfd [Validator] Renamed Condition to Expression and added possibility to set it onto properties
a3b3a78 [Validator] added a constraint that runs an expression
1bcfb40 added optimized versions of expressions
984bd38 mades things more consistent for the end user
d477f15 [Routing] added support for expression conditions in routes
86ac8d7 [ExpressionLanguage] improved performance
e369d14 added a Twig extension to create Expression instances
38b7fde added support for expression in control access rules
2777ac7 [HttpFoundation] added ExpressionRequestMatcher
c25abd9 [DependencyInjection] added support for expressions in the service container
3a41781 [ExpressionLanguage] added support for regexes
9d98fa2 [ExpressionLanguage] added the component
* 2.3:
fixed phpdoc
Fix some annotates
[FrameworkBundle] made sure that the debug event dispatcher is used everywhere
[HttpKernel] remove unneeded strtoupper
updated the composer install command to reflect changes in Composer
Conflicts:
src/Symfony/Component/Serializer/Encoder/XmlEncoder.php
* 2.2:
Fix some annotates
[FrameworkBundle] made sure that the debug event dispatcher is used everywhere
[HttpKernel] remove unneeded strtoupper
updated the composer install command to reflect changes in Composer
Conflicts:
src/Symfony/Component/Console/Application.php
src/Symfony/Component/Console/Command/Command.php
src/Symfony/Component/Console/Input/InputDefinition.php
src/Symfony/Component/CssSelector/Node/CombinedSelectorNode.php
src/Symfony/Component/Form/Form.php
src/Symfony/Component/HttpKernel/Debug/ErrorHandler.php
src/Symfony/Component/HttpKernel/DependencyInjection/RegisterListenersPass.php
src/Symfony/Component/HttpKernel/Tests/DependencyInjection/RegisterListenersPassTest.php
src/Symfony/Component/Locale/Locale.php
src/Symfony/Component/Locale/README.md
src/Symfony/Component/Locale/Stub/DateFormat/FullTransformer.php
set logger in extension , so its only done in debug mode
add psr/log to suggest of templating
add test for setLogger and refactor tests to not depend that much an
deprecated functionality
Before:
enabled: true # the profiler is enabled and data are collected
enabled: false # the profiler is enabled but data are not collected (data can be collected on demand)
No way to disable the profiler
After:
enabled: true # the profiler is enabled and data are collected
collect: true
enabled: true # the profiler is enabled but data are not collected (data can be collected on demand)
collect: false
enabled: false # the profiler is disabled
This PR was merged into the master branch.
Discussion
----------
[2.3][Session] Give greater control over how and when session starts
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | na
| License | MIT
| Doc PR | symfony/symfony-docs#2475
Refs #6036
Gives control over how start on demand works: allowing to turn it on or off and to allow bag access when session is off.
Commits
-------
f431cb0 Fix tests
1f521d8 Coding standards
2583c26 [HttpFoundation][FrameworkBundle] Keep save auto_start behaviour as in 2.2 and make component values consistent with FrameworkBundle's configuration options.
ceaf69b [FrameworkBundle] Use more sophisticated validation and configuration.
af0a140 [FrameworkBundle] Add configuration to allow control over session start on demand.
8fc2397 [HttpFoundation] Give control over how session start on demand.
This PR was squashed before being merged into the master branch (closes#7571).
Discussion
----------
[2.3] Handle PHP sessions started outside of Symfony
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#2474
This PR brings a way to allow Symfony2 to manage a session started outside of Symfony in such a way that quite explicit. It also introduces more robust detection of previously started sessions under PHP 5.3 and supports real session status detection under PHP 5.4
Commits
-------
df99902 [2.3] Handle PHP sessions started outside of Symfony
This PR was merged into the master branch.
Discussion
----------
[2.3] [FrameworkBundle] [Templating] added Stopwatch support to the PHP engine
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
I did not include tests nor documentation because there weren't any for TimedTwigEngine (I took it as an example). If I'm mistaken and they are needed, I'll gladly write them.
Commits
-------
3c3d34d [FrameworkBundle] [Templating] added Stopwatch support to the PHP engine
This PR was merged into the master branch.
Discussion
----------
[2.3] [WIP] Synchronized services...
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #5300, #6756
| License | MIT
| Doc PR | symfony/symfony-docs#2343
Todo:
- [x] update documentation
- [x] find a better name than contagious (synchronized)?
refs #6932, refs #5012
This PR is a proof of concept that tries to find a solution for some problems we have with scopes and services depending on scoped services (mostly the request service in Symfony).
Basically, whenever you want to inject the Request into a service, you have two possibilities:
* put your own service into the request scope (a new service will be created whenever a sub-request is run, and the service is not available outside the request scope);
* set the request service reference as non-strict (your service is always available but the request you have depends on when the service is created the first time).
This PR addresses this issue by allowing to use the second option but you service still always has the right Request service (see below for a longer explanation on how it works).
There is another issue that this PR fixes: edge cases and weird behaviors. There are several bug reports about some weird behaviors, and most of the time, this is related to the sub-requests. That's because the Request is injected into several Symfony objects without being updated correctly when leaving the request scope. Let me explain that: when a listener for instance needs the Request object, it can listen to the `kernel.request` event and store the request somewhere. So, whenever you enter a sub-request, the listener will get the new one. But when the sub-request ends, the listener has no way to know that it needs to reset the request to the master one. In practice, that's not really an issue, but let me show you an example of this issue in practice:
* You have a controller that is called with the English locale;
* The controller (probably via a template) renders a sub-request that uses the French locale;
* After the rendering, and from the controller, you try to generate a URL. Which locale the router will use? Yes, the French locale, which is wrong.
To fix these issues, this PR introduces a new notion in the DIC: synchronized services. When a service is marked as synchronized, all method calls involving this service will be called each time this service is set. When in a scope, methods are also called to restore the previous version of the service when the scope leaves.
If you have a look at the router or the locale listener, you will see that there is now a `setRequest` method that will called whenever the request service changes (because the `Container::set()` method is called or because the service is changed by a scope change).
Commits
-------
17269e1 [DependencyInjection] fixed management of scoped services with an invalid behavior set to null
bb83b3e [HttpKernel] added a safeguard for when a fragment is rendered outside the context of a master request
5d7b835 [FrameworkBundle] added some functional tests
ff9d688 fixed Request management for FragmentHandler
1b98ad3 fixed Request management for LocaleListener
a7b2b7e fixed Request management for RequestListener
0892135 [HttpKernel] ensured that the Request is null when outside of the Request scope
2ffcfb9 [FrameworkBundle] made the Request service synchronized
ec1e7ca [DependencyInjection] added a way to automatically update scoped services
This change allows any service to depend on the Request (via a method
call) and always have the right Request instance without the need for
the service to be in the request scope (you still need to set the
Request reference as non-strict).
* 2.2: (70 commits)
change wrapped exception message to be more usefull
updated VERSION for 2.0.23
update CONTRIBUTORS for 2.0.23
updated CHANGELOG for 2.0.23
[Form] fixed failing test
[DomCrawler] added support for query string with slash
Fixed invalid file path for hiddeninput.exe on Windows.
fix xsd definition for strict-requirements
[WebProfilerBundle] Fixed the toolbar styles to apply them in IE8
[ClassLoader] fixed heredocs handling
fixed handling of heredocs
Add a public modifier to an interface method
removing xdebug extension
[HttpRequest] fixes Request::getLanguages() bug
[HttpCache] added a test (cached content should be kept after purging)
[DoctrineBridge] Fixed non-utf-8 recognition
[Security] fixed HttpUtils class tests
replaced new occurences of 'Request::create()' with '::create()'
changed sub-requests creation to '::create()'
fixed merge issue
...
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/TranslationUpdateCommand.php
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Profiler/toolbar.html.twig
src/Symfony/Component/DomCrawler/Link.php
src/Symfony/Component/Translation/Translator.php
This PR was squashed before being merged into the master branch (closes#7202).
Commits
-------
817453c [2.2] add http_method_override option to ease setup
Discussion
----------
[2.2] add http_method_override option to ease setup
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
HttpContentRenderer has been renamed to FragmentHandler.
The RendererStrategy subnamespace has been renamed to Fragment.
The strategy classes now have Fragment in their names.
ProxyRouterListener has been renamed to FragmentListener
The router_proxy configuration entry has been renamed to fragments.